Jump to content


SpamCop Staff
  • Content Count

  • Joined

  • Last visited

Everything posted by julian

  1. Mailhost configuration SpamCop is undergoing a major renovation to the underlying logic which it uses to determine spam sources. Soon, all SpamCop users will be required to use this new system, completing additional setup steps. Some "unique" users may not be able to report all the spam they have in the past. Why? This is being done because of ongoing problems - spammers have finally begun doing what we have known they could do all along - create really convincing mail header forgeries. These forgeries make SpamCop think spam is being sent from innocent sites where it is actually not. Clearly, this must be stopped. Currently, only a few spam forgeries cause serious problems for SpamCop, but if this problem is not solved, it will become much worse. Even now, a few mis-identified innocent sites are a big problem. This system promises to eliminate the forgery problem forever, while also avoiding problems caused by other less-drastic attempts to mitigate the forgeries. However, it does require more involvement from SpamCop users. When? For now, this new system is optional. You may chose to use it or not. However, users are encouraged to start using it immediately. Once we have some feedback from users, and have addressed the most serious problems, it will become mandatory for all users. In the future, we may make other changes which will make reporting spam easier. For example, if we can be sure there are no errors, we may be able to dispense with additional user confirmation when spam is submitted. How? For users with only one email address, the process is easy. Simply click the Add/Change link below and follow the instructions. For users using their SpamCop email exclusively, the process is even easier - it is already done (visiting this page has activated it!). Note that if you forward SpamCop email into or from the SpamCop system, you still have to configure the other accounts involved. For users with multiple accounts, the proceedure is slightly more difficult. For example, a user with two forwarding addresses configured to forward to one email account should first configure the main account, then configure each of the forwarding accounts: Image: http://www.spamcop.net/images/forwarding_diagram.gif In example 1, Account C should be configured first, then B and then A. In example 2, Account C should be configured first, followed by A and B in no particular order. Accounts should be configured in reverse order of email delivery. That is, if an email is received first at address A, then that account should be the last to be configured with SpamCop. Warning: If you use this new system, you must complete the configuration process for all accounts where you receive spam. If you fail to complete the configuration for one of your legitimate mail hosts, you may cause SpamCop to attribute spam to it. Once you begin the migration process, do not report any more spam until it is complete. For now, there is an option to revert away from this new system. However, users are urged to try the new system and post problems in the forum rather than reverting. At least, do not do both - reverting your account will make it more difficult for us to diagnose problems.
  2. Sorry, wrong. SpamCop (AFAIK - and I oughta know) is not refusing any mail to it's domains from anywhere, anytime, anyhow. If there's a problem, we'll fix it. It sounds like you *might* be getting blocked by a port-25 or other direct-to-mx blockade internal to your ISP. That would have a similar effect. -=Julian=-
  3. julian

    Best practices for spamtrap reporting

    Quick reports are the regular registered reports. -=Julian=-
  4. julian

    Best practices for spamtrap reporting

    Hi Carlos. Here are the different reporting methods in the order of their weighting in the bl system: Spamtraps: In order to submit spamtraps to spamcop, you must set up permanent forwarding and work with me to configure an account for you. I'm adding a FAQ for this here: http://www.spamcop.net/fom-serve/cache/402.html We currently get about 85% of spam from traps. Registered submissions: These are the normal confirmation-required submissions. Whether you use spam Assasin or another method to submit spam. These reports account for about 10% of the spam. "Unsolicited" submissions: Submissions from default spam Assasin and some other sources are used to "bolster" other types of reports about a source of spam. They cannot cause a new source of spam to be blocked. These submissions are not shared with ISPs. They account for about 5% of the submissions. The trap system has existed for a long time, though I have not publicly asked for submissions before now. It will probably remain a pretty low-profile choice. The unsolicited method is very new, and I'm still evaluateing it's cost/benefit. I may tie it into cooperative ISP's spam-feedback mechanisms (like AOL's "this is spam" or similar). ISPs who wish to discuss this possibility are welcome to contact me to set up some sort of trial. -=Julian=-
  5. julian

    Updated Look and Feel for SpamCop.Net

    I think this falls under the category of "Older browsers may cause some cosmetic problems, but the site should still work OK. " Get the new version of opera. It works fine. If you see a way to fix the site so that it works with that version, share. I don't have that old version here, and don't think there are many people using it, so am not going to spend time on it. But if you volunteer the fix (if any), I'm happy to incorporate it. -=Julian=-
  6. julian

    Updated Look and Feel for SpamCop.Net

    That's 'cause the validator needs to log into your account if you use that authen-required link. Some pages are accessible without a password, and there the links are helpful (really just for me trying to jump through all the hoops). If you use them from the www.spamcop.net site, they work OK on many pages, but still they don't work for the pages where login is required (no error, but they check only the "login required" page, not the actual logged-in version). -=Julian=-
  7. julian

    Updated Look and Feel for SpamCop.Net

    OK, you were a bit too quick. I *just* published the code and I am now telling akamai to refresh the .css page from it's cache. Check this URL: http://www.spamcop.net/images/05look.css You should see "/* 05look.css $Revision: 1.3 $ */" as the 2nd line if you are actually fetching the new code. If you see that, *then* let me know how it looks/if it's fixed. -=Julian=-
  8. julian

    Updated Look and Feel for SpamCop.Net

    I'll be gradually migrateing all the "live" content like that to CSS use rather than "font" tags. As you say, it should be fine this way for now, but you can expect that it'll get converted to "div" with an appropriate style entry down the road some day. -=Julian=-
  9. julian

    Updated Look and Feel for SpamCop.Net

    That certianly would be annoying. I've standardized on "em" as the font-size specifier rather than percent. Let me know if the problem is fixed - I never saw such behavior in my testing - definitely not intentional. -=Julian=-
  10. julian

    Updated Look and Feel for SpamCop.Net

    I'd be interested to see a screen-shot of how it look for you as well as some details on what browser and operating system you're using. Although we specify Verdana first, we provide 3 different fall-back options, which should each look OK. Browsers should exhaust the options given by the stylesheet before they deteriorate to other fonts. I'd like to stick with verdana if I can, but I can roll back to helvetica or arial without too much pain if it is really an unavoidable problem. -=Julian=-
  11. Not sure what the ettiquette is here, but I thought I'd start a fresh thread so I can start ignoring the off-topic stuff attached to the previous ones. I've done some more cleaning up and fixing on the new look. Here are some notes on my progress: I tried to do some fixes to the underlying java scri_pt for mac users using IE. I'm not sure how effective that will be, but I look forward to detailed reports about the problem from mac users (exact error message, detailed description of symtoms, screenshots, etc are appreciated). I'm not expecting the appearance to ever approach perfect with such an old IE version, but I do at least want to make sure the site is accessible. Since I don't have a mac, I don't know how well I'm going to be able to debug this, but based on some earlier feedback, I made some hopefully-helpful changes to the java scri_pt. I have a theory about the "blank page" issue too, and hopefully some of the more recent changes to style-sheet names and link tags should help with that. Please let me know if there are still problems. I made the cookie-setting code more conservative. If you don't actually fiddle with the style menu, you shouldn't be asked to take a cookie. Various tweaks for standards-compliance. All the .css files should be strict CSS2 now, but I'm sure I'll be chaseing HTML4 compatibility for years, there are so many different pages. I want to get rid of all tables too, but that's going to be a more long-term evolution. We have been pretty concerned about the type of ads being displayed by google, you may have seen a disclaimer I added, but we've decided to just get rid of them altogether for the time being - at least until we figure out what direction to go with them. Maybee we will just forgoe that revenue altogether on the "penny wise, pount stupid" theory. Even the previous webmasters.com ad was misleading some people. Free users should have mailhosts capability back. In related news, we are working on getting away from the bookmark-as-secure-login system for free users. In the future, everyone will be asked to set and provide a username & password. This may upset some people who like the existing method, but it's really pretty dumb. Thanks for all the kind words and feedback so far. Our aim is your happyness! -=Julian=-
  12. julian

    Another take on the new look

    Just added some more stuff which detects & dumbs down for anything detecting as netscape 4. Maybee IE5 is in that category. Just curious why you don't use safari instead of IE5 if you have OSX? I'll go poke around the NNTP groups too. I don't think a new forum is in order, I hope/expect this to be a short-lived situation. OTOH, I don't know why the thread was moved over to the lounge from the main spamcop group. ? -=Julian=-
  13. julian

    New Look Browser Issues

    This is the error reported by another mac user, and I have attempted to address it. But not seeing the error myself, I don't know if my fix worked or not. If you still get this error, make sure you aren't seeing the old cached version of the scri_pt file: The url (old or new) is: http://www.spamcop.net/images/scri_pt.js And this is the function in it's hopefully-fixed state (toward the bottom): function getPreferredStyleSheet() { var i, a; for(i=0; (a = document.getElementsByTagName("link")); i++) { if ((a.getAttribute("rel")) && (a.getAttribute("rel").indexOf("style") != -1) && (a.getAttribute("rel").indexOf("alt") == -1) && (a.getAttribute("title")) ) { return a.getAttribute("title"); } } return null; } Note above the line: if ((a.getAttribute("rel")) That shoulf fix the problem - I hope. Can anyone confirm or deny that? -=Julian=-
  14. julian

    New Look Browser Issues

    I'll run them through the CSS validator here to correct any problems. But that isn't going to change the fact the IE is broken. The small syntax problems in the style sheets isn't what's causing the problems with IE. IE just does not support CSS2. If you could in the future, be more specific about the problems, that would help alot. Please point out the bits of code which are note HTML4 comlpliant, and I'll do my best to make them right. -=Julian=-
  15. julian

    New Look Browser Issues

    CSS 2.0 from 1998: http://www.w3.org/TR/CSS2/ http://www.w3.org/TR/CSS2/visudet.html#propdef-max-width I will try to tone down the IE message, but I don't want the point to be lost - people should *upgrade* away from IE. Good for them, good for us (website designers in general). I would welcome a new version of IE from microsoft which really fixed some of the issues, but that seems a long way off at this point. The evidence available seems to indicate nobody is even working on IE at this point. I wouldn't be surprised if microsoft switched to gecko too. Their embrace and extend strategy seems to have failed WRT HTML and so I don't know if they have the same incentive to produce a free browser any more - they might as well just join the gecko crowd and give their users a decent product, at little cost to them. -=Julian=-
  16. julian

    I just have one question

    Any delay over 7 seconds is a bug. I'm looking into this problem & should have a fix online shortly. The delay for non-paid members should never be longer than that, and I appologize if it has been. The nag screen delay does not depend on system load at all - other "inherent" delays in processing are dependant on load, but not the nag screen. -=Julian=-
  17. julian

    New HTML Interface Look and Feel

    Thanks for the feedback. The max width thing was hotly debated here (I'm not the only cook stirring this pot these days). Swappable styles was something I had in reserve, and I have added that feature now. The default is still the fixed-width layout, but there are now various wider options. Happy to hear it's working well otherwise. I fixed the spelling and the color of that trap link. Hope that helps. Enjoy! OH, BTW, some of the changes to styles or the java scri_pt behind them may take a while to show up (max 1 hour), since they get cached by akamai (I'm refreshing the cache manually, but it still takes a few minutes to propagate). -=Julian=-
  18. That's probably just general slowness, which seems to be an epidemic lately in the mornings, when the system is most active. We're working on the fix for that. Your email should get through soon though, and you should get replies. -=Julian=-
  19. Well, no since this is a trusted system. We know mindspring servers don't lie/aren't infected/etc. Tagging for the mis-dead is still an acceptable outcome (some might argue preferable). -=Julian=-
  20. It's a global thing. I think it should stay this way until we get everyone onto the new system. Then we can start to pare back the number of hosts flagged as trusted. Other than the ugly warning (which can be very important in cases where the user *does* have a mindspring/whatever account), this still works, so I don't see it as a big problem. You know you don't have a mindspring account, and so you can still report the spam. -=Julian=-
  21. Hmm. Very astute. I spot checked one of the tap hits against one of those internal hosts, and it didn't go through the main MX at all. So it looks like it's working the way it should. But the as-yet unspoken corellary with all of this is that ISP's main mxes, if used for spamming, will be more likely to wind up on the BL. I think that's probably a good thing, both for the BL users and for 3rd parties who want to get less spam (more preassure on ISPs to lock down). -=Julian=-
  22. vets-internet, thanks! That gave me something to chew on. Looks like I have some bugs in my smtp-sender code. This explains why AOL users didn't get confirmations either. Applying a fix now. Anyone who wasn't getting the confirmation email, please try again. I hope you can live with all the junk I just sent you during my testing process. -=Julian=-
  23. Actually, the spam traps were some of the first "users" to convert to the new system. What gave you the impressiong they did not? All the spamtraps are using it already, with great success. I wanted to do that before I let users loose on the system. Spamtraps generally have a much simpler configuration. -=Julian=-
  24. julian

    Getting Started

    I'll let you experiment and draw your own conclusions. If nothing else, you should be very careful whenever you change your mail routeing. Theoretically (and the way it's set up now), once all the mailhosts are configured, the order *should* be able to change and spamcop can keep up. But I can't garantee that. You just have to try it yourself and see if it works for whatever new configuration you are using. If in doubt, reconfigure the mailhosts involved. You should be able to always "add mailhost" on an existing address and it'll just get update the existing record while it tests to make sure it is parseable. -=Julian=-
  25. Probably becuase you did file 3 complaints against your own server, and put it on the blacklist. Please be more careful! I removed it. I can see I need to add a warning to the probe email to *not* share it. It contains information confidential to your account! -=Julian=-